Daily Bazi Analysis

Security checks across malware telemetry and agentic risk

Overview

This astrology skill is not malicious, but it should be reviewed because it stores and logs user-linked birth-profile data without clear opt-in, retention, or deletion controls.

Install only if you are comfortable with the skill saving your Bazi four-pillar profile and creating user-linked diagnostic logs. Prefer requiring explicit consent before saving, a one-time mode for unsaved readings, and clear controls to view, update, or delete stored profile data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Tp4

High
Category
MCP Tool Poisoning
Confidence
86% confidence
Finding
The declared purpose is end-user fortune analysis, but the skill bundle also embeds operational instructions for text extraction, spreadsheet ingestion, and SQL generation/import. Mixing admin/data-preparation behaviors into a user-facing skill increases the risk that an agent could expose internal file paths, manipulate local data sources, or be induced to perform unintended maintenance actions outside the stated scope.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger is broad enough to capture many ordinary queries about whether today is suitable for some action, even when the user did not ask for astrology or consent to a profile-driven analysis flow. That can cause unexpected activation, unnecessary collection of personal profile data, and surprising persistence/logging behavior in contexts where the user likely intended a generic recommendation.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill directs the agent to write the user's four-pillar profile into long-term memory, but it does not require a clear warning or affirmative consent before persistence. Persisting user-linked profile data without explicit notice undermines privacy expectations and can create unauthorized retention of sensitive personal attributes.

Natural-Language Policy Violations

Medium
Confidence
96% confidence
Finding
The cited passage contains explicit gender-essentialist and discriminatory claims such as assigning women fixed moral and social roles based on destiny, with labels like '清贵' versus '娼淫'. In a user-facing fortune-telling skill, presenting such content without contextualization or safeguards can directly produce biased, harmful, or demeaning outputs toward users, especially when the system personalizes readings from stored personal data.

Ssd 3

Medium
Confidence
97% confidence
Finding
The skill is designed to retain and reuse a user-specific four-pillar profile across sessions, creating persistent linkage between a person and derived birth-related personal data. Even if not highly regulated in all jurisdictions, this is still user profile data that should be minimized, consented to, and protected because it can reveal identity-linked attributes and enable long-term tracking.

Ssd 3

Medium
Confidence
98% confidence
Finding
The onboarding flow requires requesting, validating, structuring, and persisting detailed personal profile data without any mandatory consent gate, retention limit, or privacy notice. This creates a straightforward path for over-collection and silent persistence of user-linked data, especially because the flow continues automatically once data is provided.

Ssd 3

Medium
Confidence
95% confidence
Finding
The mandatory logging requirements compel recording multiple user-linked fields for every request, including identifiers, timezone, memory status, and analysis metadata. Broad, always-on logging increases privacy and security exposure because it creates a durable trail of sensitive interaction data that could be misused, over-retained, or leaked if log access is not tightly controlled.

VirusTotal

65/65 vendors flagged this skill as clean.
